Now, for all you non-EU readers: before you even think about closing this tab, pay close attention. Even though the new regulation primarily addresses EU-based organisations, it also directly impacts organisations in the U.S. Do you:

have offices or employees in the EU?

market or sell to EU citizens?

partner with EU-based organisations?

process, store, receive, or handle in any way data pertaining to EU citizens, or have you at one point, or might you at some point in the future?

If so, you must comply with the EU GDPR guidelines. Consider and plan for the following:

1. Data that already resides within your organisation

Let’s say you’ve done business with, corresponded with, or collected information from an EU citizen in the past. Whether it was a deliberate interaction, or an EU citizen simply filled out a form on your website, the new rules apply retroactively to any data acquired in the past. Organisations must scan their environments, identify any data that could potentially be used to identify an EU citizen, and make sure all storage, processing, and management of that data is compliant.

2. Data that is used for targeted marketing

Does your organisation operate globally, have international satellite offices, or market to individuals/businesses in other countries? You may need to put new processes in place to handle EU citizens’ data differently from the rest. The EU GDPR includes unique guidelines around both the collection and use of data for direct marketing purposes, as well as the manner in which EU citizens are profiled in marketing efforts.

3. All new data

Requests for product demos, support inquiries, emails, information added to HR systems, etc… Organisations are constantly taking in data that can be used – on its own, or in conjunction with other data – to identify individuals. Going forward, all incoming data must be classified according to where the individuals reside to ensure EU data is processed, stored, and managed in accordance with the new laws.

4. Data that is breached, altered, deleted, or destroyed

Does your organisation keep a detailed, auditable log of the lifespan of each piece of data? Under the new guidelines, EU citizens must opt in to data collection, may request deletion of data, and must be expressly informed of the purpose(s) of use, duration of storage, and loss or destruction of their data. To prepare, any organisation that has, or may acquire, data on EU citizens must be ready to track and report on the treatment of their personal information.

5. Encrypted data

The EU GDPR implements strict guidelines as to how organisations must handle data breaches. However, if the lost data was properly encrypted, organisations are exempt from the time-consuming, financially draining, and potentially reputation-tarnishing obligations. Now, indiscriminately encrypting all data breaks functionality and turns cybersecurity into a barrier to productivity. To prepare for the new laws, it’s crucial for organisations to put encryption solutions in place that are selective, targeted, and flexible.

Are You Ready for EU GDPR?

Find out more in this recorded webinar, where you’ll hear from Andrew Dyson of DLA Piper UK LLP, and Jennifer Sand, CloudLock’s VP of Product Management. Plus, find out how a CASB can help with the implementation of customer controls, incident management, and ongoing audits.
